Support » Plugin: SiteGround Security » Worked great until v1.3.5

Worked great until v1.3.5

  • karll10

    (@karll10)


    2 months, 3 weeks ago

    I love Siteground and all their features / plugins. But ever since v1.3.5 it started causing issues logging in because of certain characters I was using in my custom login URL, namely $ and = signs.

    Initially with v1.3.5 they stopped supporting the $ sign, so I had to login via ftp, disable the plugin, then login to the WordPress backend, then renable the plugin via ftp, then update the custom login URL in the plugin, then everything worked ok. Then v1.3.7 came out and they stopped supporting the = sign, so I had to go through all that process again.

    I manage 105 websites so this was an absolute nightmare, plus having to email all my clients with new login URLs twice in the space of a month, didn’t go down to well at all.

    I hate to say this, but if your an agency, avoid using this plugin…

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Elena Chavdarova

    (@elenachavdarova)

    2 months, 3 weeks ago

    Hello @karll10,

    I am sorry to hear you had such troubles with the plugin.

    Allow me to provide more details why we have applied those changes in the recent plugin updates:

    In the 1.3.5 version of the plugin we have added functionality which will deny administrative user logins from third party login forms. This was applied as an additional protection and such users are being forced to login only from custom login URL. This way we can be sure that website clients are not affected and can login via front-end form. In case an administrative user logins are exposed by a third party, unwanted administrative access will still be prevented as they will not know the website custom login URL and your website will be protected.

    Because of the above security straightening, we had to apply the custom login URL characters limitation. Some custom characters are being parsed by the browser and this causes issues with the above mentioned feature.

    In the 1.3.7 version of the plugin we have only applied input validation in the Custom Login URL field in order to avoid the exact issues you have described above.

    I completely understand that this situation caused troubles, especially for such a large number of websites. The changes were applied in order to improve the security this plugin will apply to them all and there should be no need for future changes in the custom login URL.

    Best Regards,
    Elena

    Rasso Hilber

    (@nonverbla)

    2 months ago

    @elenachavdarova Just wanted to say, kudos for this detailed and in-depth answer!

    Plugin Author Elena Chavdarova

    (@elenachavdarova)

    2 months ago

    Thank you, @nonverbla!

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this review.

Views